Publication number: US5721781 A
Publication type: Grant
Application number: US 08/531,567
Publication date: Feb 24, 1998
Filing date: Sep 13, 1995
Priority date: Sep 13, 1995
Fee status: Paid
Also published as: 08531567, 531567, US 5721781 A, US 5721781A, US-A-5721781, US5721781 A, US5721781A
Inventors: Vinay Deo, Robert B. Seidensticker, Daniel R. Simon
Original Assignee: Microsoft Corporation
Authentication system and method for smart card transactions
US 5721781 A
Abstract
An authentication system includes a portable information device, such as a smart card, that is configured to store and process multiple different applications. The smart card is assigned its own digital certificate which contains a digital signature from a trusted certifying authority and a unique public key. Each of the applications stored on the smart card is also assigned an associated certificate having the digital signature of the certifying authority. The system further includes a terminal that is capable of accessing the smart card. The terminal has at least one compatible application which operates in conjunction with an application on the smart card. The terminal is assigned its own certificate which also contains the digital signature from the trusted certifying authority and a unique public key. Similarly, the application on the terminal is given an associated digital certificate. During a transactional session, the smart card and terminal exchange their certificates to authenticate one another. Thereafter, a smart card application is selected and the related certificates for both the smart card application and the terminal application are exchanged between the smart card and terminal to authenticate the applications. Additionally, the cardholder enters a unique PIN into the terminal. The PIN is passed to the smart card for use in authenticating the cardholder. The three-tiered authentication system promotes security in smart card transactions.
Claims(21)
We claim:
1. A method for authenticating a transaction between a portable information device and a terminal, the portable information device storing a device-related certificate unique to the device and the terminal storing a terminal-related certificate unique to the terminal which includes information regarding a type of terminal, the method comprising the following steps:
exchanging the device-related and terminal-related certificates between the portable information device and the terminal during a transaction;
authenticating the portable information device and the terminal to each other using the exchanged device-related and terminal-related certificates;
determining, at the portable information device, a security level for the terminal based on the terminal type information contained in the terminal-related certificate received from the terminal, the security level having an associated value limit for a value of the transaction conducted during the transactional session; and
restricting the value of the transaction to the value limit associated with the determined security level.
2. A method as recited in claim 1 and further comprising the additional step of encrypting communication between the portable information device and the terminal during the transaction.
3. A method as recited in claim 1, wherein the portable information device is associated with a user who has a unique PIN, and further comprising the following additional steps:
receiving the PIN at the terminal during the transaction;
passing the PIN from the terminal to the portable information device; and
authenticating the user at the portable information device.
4. A method for conducting a transaction between a smart card and multiple various types of terminals that are each capable of accessing the smart card during the transaction, each terminal having at least one resident application stored thereon, the method comprising the following steps:
storing multiple applications on the smart card, the applications being compatible target applications which operate in conjunction with a corresponding said resident application stored on each of the various terminals;
establishing multiple security levels for corresponding types of terminals, the security levels having associated value limits for limiting a value of any transaction conducted on the corresponding terminal type;
assigning a card-related certificate to the smart card, the card-related certificate having a digital signature of a certified authority and a public key unique to the smart card for use in data encryption;
assigning terminal-related certificates to the various types of terminal, each terminal-related certificate having the digital signature of the certified authority and a public key unique to the terminal for use in data encryption, said each terminal-related certificate also having information regarding the type of terminal;
assigning an application-related certificate to each application stored on the smart card and to the resident applications at the terminals, each application-related certificate having the digital signature of the certified authority and a public key unique to that application;
commencing a transactional session between the smart card and a particular one of the terminals;
exchanging the device-related and terminal-related certificates between the smart card and the particular terminal;
authenticating the smart card and the particular terminal to each other using the exchanged device-related and terminal-related certificates;
determining the security level for the particular terminal, at the smart card, using the terminal type information contained in the terminal-related certificate received from the particular terminal;
selecting a target application from among the multiple applications stored on the smart card that is compatible with the resident application stored at the particular terminal;
exchanging, between the smart card and the particular terminal, the application-related certificates assigned to the selected target application stored on the smart card and the resident application stored at the particular terminal;
authenticating the target and resident applications using their exchanged application-related certificates;
conducting the transaction after the target application has been authenticated; and
restricting the value of the transaction to the value limit associated with the security level determined for the particular terminal.
5. A method according to claim 4 and further comprising associating monetary value limits with the different security levels.
6. A method as recited in claim 4 and further comprising the following additional steps:
associating the smart card with a cardholder;
assigning a unique PIN to the cardholder;
inputting the PIN to the particular terminal during the transactional session;
passing the PIN from the particular terminal to the smart card; and
authenticating the cardholder at the smart card.
7. A method as recited in claim 6 wherein the multiple various terminals are off-line and on-line types of terminals, the method further comprising the following additional steps:
establishing a first security level that is associated with an off-line terminal that has an unexpired terminal-related certificate;
establishing a second security level that is associated with an on-line terminal that has an unexpired terminal-related certificate, the second security level being of higher security than the first security level;
establishing a third security level that is associated with an off-line terminal that has an unexpired terminal-related certificate and requires the PIN from the cardholder, the third security level being of higher security than the second security level; and
establishing a fourth security level that is associated with an on-line terminal that has an unexpired terminal-related certificate and requires the PIN from the cardholder, the fourth security level being of higher security than the third security level.
8. A method as recited in claim 7 and further comprising associating monotonically increasing monetary value limits with the first through fourth security levels, respectively.
9. A method as recited in claim 4 and further comprising the additional step of encrypting the application-related certificates before exchanging them using the public keys from the device-related and terminal-related certificates that have already been exchanged.
10. A system comprising:
a portable information device having a microprocessor capable of processing multiple applications, the portable information device having an associated device-related certificate;
multiple terminals of various types capable of accessing the portable information device, the terminals having associated security levels wherein the security levels have associated value limits for a value of a transaction, each terminal having an associated terminal-related certificate which contains information pertaining to the terminal type;
means for exchanging the device-related and terminal-related certificates between a particular terminal and the portable information device; and
the portable information device having means for determining the security level for a particular terminal based upon the terminal type information contained in a terminal-related certificate associated with the particular terminal.
11. A system as recited in claim 10 wherein the portable information device comprises a smart card.
12. A system as recited in claim 10 wherein the portable information device comprises a portable personal digital assistant.
13. A system as recited in claim 10 wherein the portable information device comprises an electronic watch.
14. A system as recited in claim 10 wherein the portable information device has a file system for managing multiple files.
15. A system as recited in claim 10 and further comprising an input mechanism at the terminal to enable a cardholder to enter a PIN, the terminal transferring the PIN to the portable information device so that the authentication means can verify the authenticity of the cardholder to the portable information device.
16. A portable information device for use in transactions with a terminal, the portable information device comprising:
a memory for storing at least one application;
a processor programmed to: (1) receive a terminal-related certificate from the terminal, the terminal-related certificate containing information pertaining to the type of terminal; (2) authenticate the terminal using the received terminal-related certificate; (3) analyze the terminal type from the information contained in the terminal-related certificate; and (4) limit any transaction to a selected monetary amount based upon the type of terminal.
17. A portable information device as recited in claim 16 wherein the processor is programmed to encrypt communication output to the terminal and to decrypt communication received from the terminal.
18. A portable information device as recited in claim 16 wherein the memory stores a PIN of an associated user, the processor is further programmed to receive a PIN from the terminal and to authenticate the user based upon the received PIN.
19. A portable information device as recited in claim 16 wherein the memory stores multiple applications and one of the applications comprises a file system capable of managing multiple files.
20. Computer-readable media resident at the portable information device and the terminal having computer-executable instructions for performing the steps in the method recited in claim 1.
21. In a system involving a transaction between a portable information device and a terminal, a computer-readable media provided at the portable information device having computer-executable instructions for performing the following steps:
receiving a certificate from the terminal, the certificate containing information pertaining to a type of terminal;
analyzing the terminal type from the information contained in the certificate; and
limiting any transaction with the terminal to a selected value based upon the type of terminal.
Description
TECHNICAL FIELD

This invention relates to portable information devices, such as smart cards, personal digital assistants, pagers, and other personal information managers, and the mechanisms used to access these devices. This invention is particularly well suited for smart card systems, including the smart cards themselves, cardholders, and terminals into which the smart cards are inserted for various transactions. More particularly, this invention relates to systems and methods for authenticating smart cards, applications, cardholders, and terminals to protect against fraudulent transactions.

BACKGROUND OF THE INVENTION

Authentication systems are used for security purposes to verify the authenticity of one or more parties during a transaction. Traditionally, authentication systems have been manual, involving simple personal recognition or quick verification of the party via some form of additional identification. One very familiar authentication process occurs when purchasing an item with a personal check. The sales clerk will process the check only if he/she recognizes the person writing the check or if the person presents another piece of identification (e.g., a credit card, or driver's license) to verify the authenticity of that person who is offering the check. Another common manual authentication process might occur in an apartment building or at work where a person is authenticated by a security guard or receptionist through visual recognition.

Some authenticating systems are electronic. A familiar electronic authentication system is used in a common ATM (Automated Teller Machine). Bank members are issued special ATM cards for use in the ATMs to permit automated access to the member's account. The ATM cards that are primarily in use today consist of magnetic-stripe memory cards that have a single magnetic stripe on one side. The magnetic stripe contains information regarding the bank, the member, and his/her account. To guard against unauthorized access, the member is also given a multi-digit password or PIN (Personal Identification Number). The member inserts the mag-stripe card into the ATM and enters a four digit password or PIN (Personal Identification Number). The PIN authenticates for the ATM that the person standing at the ATM is the member who owns the inserted ATM card (or an authorized person representing that member).

Mag-stripe cards are limited, however, in that they are single purpose cards. For instance, one mag-stripe ATM card is used solely for interfacing with a bank ATM, while another mag-stripe card is used solely for frequent flyer mileage, while another mag-stripe card is used solely for making long distance telephone calls.

Today, there is a movement toward use of "smart cards" instead of mag-stripe cards. A "smart card" is a credit card that has a built-in microcontroller (MCU) which enables the card to modify, or even create, data in response to external stimuli. The microcontroller is a single-wafer integrated circuit (IC) which is mounted on an otherwise plastic credit card.

By virtue of the resident on-chip processor, smart cards are self-validating and can authenticate various passwords off-line without connection to a back end computer. Some conventional smart cards perform an authentication procedure during each "session", which is the period of time that the smart card is inside of a compatible terminal. The session commences with a system startup phase. Since the card has no power supply of its own, the system startup phase consists of supplying power to the card and performing a "cold" boot to establish communication between the card and terminal. Thereafter, the card and terminal enter an authentication phase where the terminal verifies that it is communicating with an authorized card. This usually entails the smart card forwarding its own access code to the terminal for verification. Following authentication, one or more transactions are conducted and the card is removed from the terminal, ending the session.

In conventional smart card systems, however, the cards have been designed to hold just one application. One smart card might be used for a banking/financial application, while another smart card might be dedicated to a security application for entry to a building or workplace, while yet another smart card might be dedicated to a health related application. In these conventional systems, the authentication phase consists only of verifying that the card is suitable to talk to the terminal, typically via the internal access code. Unfortunately, there is little or no standardization in the smart card arena, and thus many different non-compatible systems are in existence today. This lack of standardization has impeded efforts to produce a smart card capable of handling multiple applications.

As smart cards evolve, however, they are expected to carry multiple applications--such as banking, travel, retail, security, identification, health care, and electronic benefits transfer--on the same card. The same smart card will be used to deposit or withdraw money from an ATM, keep track of frequent flyer mileage, permit entry into buildings, store the cardholder's health information, and enable purchase of goods and services. With multiple applications, the number and complexity of security issues rise. For instance, the cardholder does not want his/her employer's entrance security system which interfaces with a security application on the smart card to gain access to sensitive health care information stored on the same health card, nor does the cardholder wish for his/her doctor to use the health care application to gain access to personal financial information.

It is therefore one object of this invention to provide an authentication system for ensuring the security of the smart card and the applications contained thereon.

Because all smart card transactions are conducted electronically, there is an additional need to ensure for the smart card that the terminal asking for the information is authentic, and not a fraudulent machine. In other words, there is a need for an authentication system that enables a smart card and terminal to trust each other, as well as verifying that the present cardholder is authentic. It is another object of this invention to provide such an authentication system.

SUMMARY OF THE INVENTION

This invention provides a smart card authentication system that verifies the user, smart card, application, and terminal.

In one preferred implementation, the system has a smart card that is configured to store and process multiple different applications. The smart card is assigned its own digital certificate which contains a unique public key and a digital signature from a trusted certifying authority. Each of the applications stored on the smart card is also assigned an associated certificate having the digital signature of the certifying authority.

The system also includes a terminal that is capable of accessing the smart card. The terminal has at least one compatible application which operates in conjunction with at least one corresponding application stored on the smart card. The terminal is assigned its own certificate which contains a unique public key and the digital signature from the trusted certifying authority. Similarly, the application on the terminal is given an associated digital certificate.

During a transactional session, the smart card and terminal exchange their certificates over an unsecured communication path. The path is unsecured in the sense that any party can intercept and decipher the message. Following this exchange, the smart card and terminal each process the other's certificate to verify the authenticity of the other. After this initial authentication, a secure communication path is established between the smart card and terminal using encryption techniques and each others' public keys. While third parties might still be able to intercept the encrypted messages, they would not be able to decipher them. Thereafter, an application is selected and the application-related certificates of the smart card application and terminal application are encrypted and then exchanged over the secure communication path. The smart card and terminal then authenticate the application using the exchanged certificates.

As a further level of security, a unique PIN is assigned to the cardholder. During the transactional session, the cardholder enters the PIN into the terminal, which then passes the PIN to the smart card. The smart card compares this PIN with the correct PIN kept in its memory to authenticate the cardholder.

According to another aspect of this invention, a multi-level security protocol is established based upon the types and inherent security of different terminals. The security protocol enables the smart card to be used in many diverse applications, from transferring large sums of money between bank accounts to purchasing a fifty cent soda pop. According to the protocol, security levels are assigned to different types of terminals. The security levels have associated value limits that are imposed for any transaction occurring at the respective terminal. The certificate assigned to a particular terminal contains information pertaining to its type. From this information, the smart card can determine the security level for that particular terminal. The smart card then limits the value of the transaction in accordance with the guidelines associated with the security level.

According to another aspect of this invention, a smart card that is specially configured to operate in the authentication system is described. It is noted that although the smart card embodiment is preferred, aspects of this invention can be implemented in other embodiments of portable information devices, such as personal digital assistants, pagers, and electronic programmable watches.

According to another aspect of this invention, a method for authenticating a transaction between a smart card and terminal is also disclosed.

According to yet another aspect of this invention, a method for conducting a smart card transaction using a multi-level security protocol is described.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagrammatic illustration of a smart card.

FIG. 2 is a block diagram of a microcontroller integrated circuit used in the FIG. 1 smart card.

FIG. 3 is a diagrammatic illustration of an authentication system in the context of an ATM banking system according to an example embodiment of this invention.

FIG. 4 is a diagrammatic illustration of an initial step of an authentication process of this invention involving the exchange of digital certificates between a smart card and terminal.

FIG. 5 is a diagrammatic illustration of another step of the authentication process involving the exchange of application-related digital certificates between a smart card and terminal.

FIG. 6 is a diagrammatic illustration of another step of the authentication process involving the authentication of a cardholder via his or her PIN.

FIGS. 7 and 8 present a flow diagram of a method for authenticating a transaction between a smart card and a terminal.

FIG. 9 is a flow diagram of a method for conducting a smart card transaction using a multi-level security protocol according to another aspect of this invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

This invention concerns authentication schemes and is described in the preferred context of smart cards. However, this invention may be used in conjunction with other small programmable portable information devices, in place of smart cards. Such portable information devices include pagers, personal digital assistants, personal information managers, and programmable watches. One notable watch that can be used in the context of this invention is the commercially available Timex® Data-Link® watch. As used herein, "portable information device" means a small, portable, electronic apparatus that has limited processing capabilities, limited or no power resources, limited rewritable memory capacity, and is designed to interface with external read/write equipment.

FIG. 1 shows a smart card 10. It is the size of a credit card and has a built-in microcontroller (MCU) 12 which enables the card to modify, or even create, data in response to external stimuli. Microcontroller 12 is a single wafer integrated circuit (IC) which is mounted on an otherwise plastic credit card. Conductive contacts 14 are shown formed on the IC to enable interfacing to external read/write equipment. In other embodiments, however, the smart card can be configured without physical contacts. Such contactless cards receive information via proximity couplings (e.g., magnetic coupling) or via remote coupling (e.g., radio communication). A smart card is physically constructed in accordance with the international standard ISO-7816 which governs size and bendable limits of the plastic card, as well as size and location of the silicon integrated circuit.

FIG. 2 shows smart card microcontroller IC 12 in more detail. It includes a CPU 20, a volatile rewritable RAM (Random Access Memory) 22, a ROM (Read Only Memory) 24, and an EEPROM (Electrically Erasable Programmable ROM) 26. A set of I/O ports 28 are internally coupled to CPU 20 to supply data and control information that are received from the external accessing equipment. As an example, clock, reset, power, data I/O, and ground are provided at I/O ports 28. One suitable microcontroller-based single-wafer IC that can be used in smart cards is available from Motorola Corporation under model number MC68HC05SC21. In this chip, the data I/O is serial.

In this invention, smart card 10 contains multiple different applications and can be concurrently used in many different domains. For instance, smart cards can be used to store financial data for banking purposes, maintain medical information for use by health care providers, track frequent flyer mileage for the cardholder or airline, permit selective entrance into secure facilities, manage electronic benefits, or organize account information for routinely paid services such as cable TV. ROM 24 stores the multiple applications.

This invention concerns an authentication system which verifies the authenticity of the interested components prior to conducting a transaction. For purposes of continuing discussion, aspects of this invention will be described in the context of employing smart cards to manage financial data. In this context, one of the applications stored on the smart cards relates to managing banking and other financial data.

FIG. 3 shows a smart card authentication system 30 in the context of an ATM banking system. Smart card authentication system 30 includes smart card 10 and a smart card terminal 32, which is embodied as an ATM. The ATM has a card reading slot 34, a keypad 36, and a display 38. The terminal has software resident thereon, or on a remote on-line computer, which consists of at least one application that is compatible, and operates in conjunction, with the corresponding financial application stored on the smart card.

When the cardholder wishes to make a financial transaction, the cardholder begins a transactional session by inserting smart card 10 into a card reading slot 34 of the ATM. A "session" is the period of time that the smart card is inside terminal 32. The session commences with a system startup phase. Since smart card 10 has no power supply of its own, the system startup phase consists of supplying power to the card and performing a "cold" boot to establish communication between the card and terminal. The terminal sends a reset signal and the card responds to the reset signal to establish communication modes and options.

Since the smart card 10 stores multiple applications, a target application is selected from among the multiple applications. In the continuing example, the target application is the financial application. The target application might be selected in a number of ways, including both manual and automated techniques. For example, the smart card itself might select the target application that is suited for the particular terminal. Alternatively, the terminal might decide which of the applications stored on the smart card is compatible with the application resident at the terminal. As another example, the user might select the appropriate application at the beginning of a session.

Thereafter, the smart card and terminal enter the authentication phase which is the primary subject of this invention. During the authentication phase, the terminal verifies that it is communicating with an authorized smart card, and the smart card verifies that it is talking to an authorized terminal. According to an aspect of this invention, the authentication phase further authenticates the selected target application that is resident on the smart card as well as the compatible application resident on the terminal. Moreover, the authentication technique of this invention authenticates the cardholder to the smart card. This multi-level authentication promotes highly secure transactions.

To enable such high security authentication, the authentication scheme of this invention involves assigning unique identifications to the smart card, terminal, cardholder, and each application on the card. In their simplest form, the unique identifications might consist of special passwords assigned to each of these participants. In the preferred implementation, however, digital certificates are assigned to the smart card, terminal, cardholder, each application on the card, and the application(s) stored on the terminal. A digital certificate is a packet of unique information in digital data form that is used for identification of a party in the encryption arena. The certificate is issued by an independent and trusted third party, known as the "certifying authority". Every participant, including the smart card, the terminal, and the cardholder, trusts the certifying authority. Example certifying authorities in the financial environment include the federal reserve or a bank.

Each assigned certificate contains an expiration date, the holder's serial number, a public encryption key unique to the holder, information pertaining to the domain or environment within which the holder may operate (e.g., financial, frequent flyer, health, etc.), and any other information appropriate to establish communication. Thus, the smart card has its own unique public key, as does the terminal and each application.

Before continuing discussion on the authentication system, it would be beneficial to briefly discuss encryption techniques, and how the digital certificates are used. There are different encryption techniques available and in use today. This invention can be used with any type of encryption technique. For the sake of explanation, the basics of one common encryption technique known as "RSA" (an acronym based on the initials of the creators of the encryption algorithm) are described below.

RSA encryption makes use of special mathematical functions referred to as "one-way" functions. According to one-way functions, one or more starting parameters can undergo a function to yield an intelligible result, but the inverse function operating on this result will not produce the starting parameters. In mathematical terms, a one-way function is represented as follows:

$F(a) = b$, but $F^{-1}(b) \neq a$.

Such functions are used to produce private and public keys which are assigned to every party that wishes to participate in encrypting messages. The key set is unique and has the property that if one knows the public key Kpublic, one cannot guess the private key Kprivate. The public key Kpublic is published for everyone to use, while the private key Kprivate is kept secret by the holder.

For a message M that is encrypted via an encryption function E using one of the keys K, the following holds for this function:

$E(K_{\text{public}}, M) = M_{\text{encrypted\_1}}$

$E(K_{\text{private}}, M_{\text{encrypted\_1}}) = M$

but,

$E(K_{\text{public}}, M_{\text{encrypted\_1}}) \neq M$

Additionally,

$E(K_{\text{private}}, M) = M_{\text{encrypted\_2}}$

$E(K_{\text{public}}, M_{\text{encrypted\_2}}) = M$

but,

$E(K_{\text{private}}, M_{\text{encrypted\_2}}) \neq M$

Accordingly, in the context of our ATM example, if the smart card encrypts a message using the terminal's public key, only the terminal can decrypt it. Conversely, if the smart card encrypts a message using its private key (which only the smart card can do since no one else has access to this private key), any other party can decrypt the text using the smart card's public key which is widely known.

To establish communication, the smart card uses the terminal's public key that it received in the terminal's certificate to send a message. Only the terminal can decrypt the message using its private key. Similarly, the terminal can encrypt a reply message using the smart card's public key and only the smart card can decrypt the message. This raises a new issue. When the terminal or smart card receives an encrypted message that is supposedly from the other, how does the receiving party really know if it came from the other?

To solve this dilemma, encryption algorithms introduce "digital signatures" which are employed to ensure that the appropriate parties are communicating with each other. Thus, when the smart card encrypts a message using the terminal's public key, it tags a personalized digital signature onto the message. The smart card encrypts the combined message using its own private key. The resulting communication is represented as follows:

$E(K_{\text{SC\_private}},\ E(K_{\text{T\_public}}, M) + \text{SC Signature})$

The terminal receives the communication and decrypts it using the smart card's public key. This decryption yields a scrambled part that contains the encrypted message and a legible part that consists of the smart card's signature. Since the communication was decrypted using the smart card's public key, it follows from the above discussion of the one-way encryption function E that only the smart card (using its private key) could have encrypted the entire communication. Thus, upon seeing the smart card's digital signature, the terminal is assured that the communication truly came from the smart card. The terminal discards the digital signature and then decrypts the other part using its own private key to obtain the original message M.

Note that any party can intercept the communication between the smart card and terminal and use the smart card's public key to determine that the communication came from the smart card. However, that intercepting party cannot decipher the encrypted message because they do not know the terminal's private key.

This encryption scheme therefore ensures for the receiving party (i.e., the terminal in this example) that the communication is from the desired sending party (i.e., the smart card) and that only the receiving party can read the original message.

The encryption scheme only works, however, if the terminal and smart card trust each other's identity. Accordingly, the "certifying authority" is introduced as a trusted third party to the transaction. The terminal and smart card each prove their identity to the satisfaction of the certifying authority and deposit their public keys with this authority. In turn, the certifying authority issues a digital certificate that contains an expiration date, the holder's serial number, a public encryption key unique to the holder, information pertaining to the domain or environment within which the holder may operate (e.g., financial, frequent flyer, health, etc.), and any other information appropriate to establish communication. The identification information is encrypted using the certifying authority's private key, as follows:

$\text{Certificate} = E(K_{\text{CA\_private}},\ \text{"Expiration, Card Serial\#, } K_{\text{SC\_public}}\text{, etc."})$

During the initial communication in the authentication phase, the smart card and terminal exchange their certificates. Both the smart card and terminal decipher the other's certificate using the certifying authority's public key. The smart card and terminal can be assured that it is the other legitimate party if the certificate deciphers into intelligible information. It is practically impossible for either the terminal or smart card to construct a fraudulent certificate because neither knows the private key of the certifying authority.
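The certificate and signed-message exchange described above can be traced end to end in a small model. This is an added example, not code from the patent: the tiny primes, the one-byte-per-block textbook RSA, the `CERT|` marker, the field layout and the fixed legible tag used as the "SC Signature" are all assumptions chosen to mirror the text's simplified notation.

```python
"""Toy model of the certificate and signed-message scheme described above.
Textbook RSA over tiny constructed primes, one byte per block (assumed values)."""

CERT_MAGIC = b"CERT|"   # hypothetical marker that makes a deciphered certificate "intelligible"

def make_keypair(p, q, e):
    """Return (public, private) as (exponent, modulus) pairs for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def E(key, data):
    """The text's E(K, M): apply key K to every byte of M."""
    k, n = key
    return [pow(b, k, n) for b in data]

def decipher(key, blocks):
    """Apply the other key of the pair; None if the result is not byte-valued."""
    k, n = key
    out = [pow(c, k, n) for c in blocks]
    return bytes(out) if all(v < 256 for v in out) else None

def issue_certificate(ca_private, serial, expires, holder_public, domain):
    """Certificate = E(K_CA_private, "Expiration, Serial#, K_public, domain")."""
    e, n = holder_public
    return E(ca_private, CERT_MAGIC + f"{expires}|{serial}|{e}|{n}|{domain}".encode())

def read_certificate(ca_public, cert, today):
    """Decipher with the CA public key; accept only intelligible, unexpired contents."""
    plain = decipher(ca_public, cert)
    if plain is None or not plain.startswith(CERT_MAGIC):
        return None
    try:
        expires, serial, e, n, domain = plain[len(CERT_MAGIC):].decode("ascii").split("|")
        holder = {"serial": serial, "expires": expires,
                  "public": (int(e), int(n)), "domain": domain}
    except ValueError:          # wrong field count, non-ASCII bytes, non-numeric key
        return None
    return holder if expires >= today else None   # ISO dates compare as strings

def seal(sender_private, recipient_public, message, signature):
    """E(K_SC_private, E(K_T_public, M) + SC Signature), as in the text."""
    inner = E(recipient_public, message)
    inner_bytes = b"".join(c.to_bytes(2, "big") for c in inner)   # moduli here are < 2**16
    return E(sender_private, inner_bytes + signature)

def open_sealed(sender_public, recipient_private, wire, signature):
    """Check the legible signature part, discard it, then recover M."""
    outer = decipher(sender_public, wire)
    if outer is None or not outer.endswith(signature):
        return None
    scrambled = outer[:-len(signature)]
    if len(scrambled) % 2:
        return None
    inner = [int.from_bytes(scrambled[i:i + 2], "big") for i in range(0, len(scrambled), 2)]
    return decipher(recipient_private, inner)

def demo():
    ca_pub, ca_priv = make_keypair(61, 53, 17)     # certifying authority
    sc_pub, sc_priv = make_keypair(89, 97, 5)      # smart card
    t_pub, t_priv = make_keypair(101, 103, 7)      # terminal
    today = "1998-02-24"
    card_cert = issue_certificate(ca_priv, "SC-0001", "1999-12-31", sc_pub, "financial")
    term_cert = issue_certificate(ca_priv, "T-0032", "1999-12-31", t_pub, "financial")
    # Certificates cross the open channel; each side deciphers the other's.
    terminal = read_certificate(ca_pub, term_cert, today)     # the card's view
    card = read_certificate(ca_pub, card_cert, today)         # the terminal's view
    wire = seal(sc_priv, terminal["public"], b"balance inquiry", b"SC-0001")
    received = open_sealed(card["public"], t_priv, wire, card["serial"].encode())
    # An eavesdropper can strip the outer layer with the card's public key only.
    overheard = decipher(sc_pub, wire)
    # A certificate built without the CA private key does not decipher to anything valid.
    self_issued = issue_certificate(t_priv, "T-0032", "2099-12-31", t_pub, "financial")
    return {"card": card, "terminal": terminal, "received": received,
            "overheard": overheard,
            "self_issued": read_certificate(ca_pub, self_issued, today)}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```
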

To continue discussion of the authentication process of this invention, please refer to FIGS. 4-6 which diagrammatically illustrate authenticating a financial transaction at an ATM smart card terminal. Following the startup phase, smart card 10 and terminal 32 exchange their respective certificates as shown in FIG. 4. More particularly, smart card 10 sends its card-related certificate 40 to terminal 32 and the terminal sends its terminal-related certificate 42 to smart card 10. These initial certificates are sent over an open, unsecured channel.

It is noted that the communication channel in an ATM is likely to be a direct or proximal coupling between the smart card and terminal. However, in another implementation, a terminal might be communicating remotely with a personal digital assistant or watch via radio or optical communication. Accordingly, this invention contemplates various electronic and communication means for exchanging certificates over an unsecured communication path, including direct and remote coupling. An example direct exchanging means includes hardware and software in the terminal's and smart card's CPUs for coordinating digital transfer of certificates over physical conductors present in both the terminal and smart card. Example remote exchanging means include components (hardware, software, transmitters, receivers, etc.) used to enable the swapping of certificates using optical transmission, radio transmission, magnetic transmission, or infrared transmission.

As shown in FIG. 5, terminal 32 and smart card 10 use the certificates to establish the authenticity of each to the other. The smart card, for example, has decryption firmware loaded in its CPU to decipher the certificate from terminal 32 using the certifying authority's public key in the manner described above. The smart card CPU learns the identity of the terminal from the deciphered certificate. This permits the smart card to verify the authenticity of the terminal. The terminal has a similar intelligence to verify the authenticity of the smart card.

The smart card and terminal also use each other's public keys obtained from the certificates to create an encrypted communication channel 44 that is secure to outsiders. Although outsiders can still intercept messages, they will not be able to decipher them for the reasons given above during discussion of basic encryption schemes.

FIG. 5 also shows a second authentication level according to this invention. Once communication between the smart card and terminal is established, one of the many applications stored on the smart card is selected. In our continuing example, the financial/banking application on the card is selected from among other applications (such as frequent flyer mileage, health care, etc.) to interface with the compatible financial/banking application resident at the ATM terminal. The application-related certificates 46 and 48 associated with the selected application are then exchanged between terminal 32 and smart card 10 over encrypted channel 44. These application-related certificates 46 and 48 are used to authenticate the applications resident at the terminal and smart card. That is, the decryption and verification firmware in the smart card CPU and similar software at the terminal use the identification information in the exchanged application-related certificates to authenticate the selected card application and the compatible terminal application.

The additional, application level of authentication enhances security by preventing an unscrupulous party from placing a fake application on an otherwise authenticated terminal or smart card. For instance, a high-tech thief might try to program a smart card with an imitation application designed to access and alter bank records. If the imitation application does not have the necessary certificate and digital signature of a certifying authority, the terminal will quickly ascertain that it is not an authentic application and reject the smart card as fake before conducting any transaction.

Similarly, the application level authentication helps prevent transactions from occurring at a fraudulent terminal. Suppose, for example, a person was able to load an imitation application on an otherwise authenticated terminal with the intention of gaining access to banking records kept on people's smart cards. If the smart card determines that the terminal-resident application is not authentic, it will cease all communication and forego conducting any transaction.

It is noted that the decryption/verification intelligence provided at both the smart card and terminal forms an example authentication means for verifying the authenticity of the smart card, terminal, and applications to each other.

FIG. 6 shows a third level in the authentication scheme of this invention. Thus far only the card, terminal, and application have been authenticated. It is also desirable to verify that the person requesting the transaction is the authorized cardholder. A unique PIN (Personal Identification Number) 50 is assigned to the cardholder. During the authentication phase, a user is requested to enter his/her PIN 50 via input keypad 36. Terminal 32 passes PIN 50 directly to smart card 10 so that it can verify the identity of the cardholder. The smart card compares the entered PIN with a stored PIN that is associated with the true cardholder. If the entered PIN matches, the user is deemed authentic to the smart card. This third authentication level even further improves security as now all relevant participants (card, terminal, application, and user) are authenticated.

The transaction phase of the session is preferably conducted only after the multi-level authentication phase is completed. Here, any banking transactions are performed only after the smart card, terminal, application, and user have been authenticated. Only then will sensitive information be permitted to flow between the smart card and terminal. This information is likewise encrypted and sent over secure channel 44. When all desired transactions are conducted, the card is withdrawn from the ATM terminal and the session is terminated.

FIGS. 7 and 8 show a method for authenticating a smart card transaction according to this invention. At step 100, a certificate is assigned to the smart card. The card-related certificate has a digital signature of a certifying authority and a public key unique to the card for use in data encryption. At step 102, a certificate is assigned to the terminal. In a like manner, the terminal-related certificate has a digital signature of the certifying authority and a public key unique to the terminal. At step 104, a certificate is assigned to each application stored on the smart card and to the application at the terminal. Each application-related certificate also contains a digital signature of the certifying authority and a public key unique to the associated application. At step 106, a unique PIN is assigned to the cardholder.

At step 108, a transactional session is commenced between the smart card and the terminal. In our ATM example, the session commences when the smart card is inserted into the card reader slot of the terminal; although in other implementations, the card may not actually be inserted into anything. At step 110, the card-related certificate is passed from the smart card to the terminal. Concurrently, the terminal-related certificate is passed from the terminal to the smart card (step 112). The smart card and terminal authenticate each other based upon the information and digital signatures contained in their exchanged certificates (steps 114 and 116).

Through the use of encryption techniques, the messages between the terminal and smart card can now be sent over a communication path that is considered to be secure from the standpoint that third parties will be unable to decipher the exchanged messages (step 118). At step 120, the cardholder enters his/her PIN at the terminal. The PIN is passed from the terminal to the smart card so that the smart card can authenticate the user (steps 122 and 124).

At step 126, one of the applications stored on the smart card is selected. As noted above, this selection might be made by the user, the smart card, or the terminal. The application-related certificates are then exchanged between the smart card and terminal (step 128). The identity information and digital signatures of the certifying authority contained in the certificates are used to authenticate each application (step 130). After all three levels of authentication--smart card/terminal, cardholder, and application--the desired transaction(s) is performed (step 132) using encrypted information exchanged between the terminal and smart card.

In the above ATM example, the three-tiered authentication system is used because it yields the highest security level. However, there are other applications and environments where such high security is not important. For instance, suppose that a terminal is configured as a soda pop machine. It would be desirable to permit the smart card to make the purchase of an inexpensive soda pop drink without having to go through the multiple authentication steps. In this case, it might be enough security to simply authenticate the terminal by examining if it has an unexpired certificate.

This leads to another aspect of this invention. The authentication system of this invention can be configured to accommodate different security levels. Preferably, the security levels are established based upon the type of terminal. In general, there are three types of terminals: unsecured, secured off-line, and secured on-line. An unsecured terminal is one that has not been authenticated. A secured off-line terminal is one that is an off-line stand alone machine (i.e., one that is not connected on-line to another computer system) which has been authenticated by an unexpired certificate. A secured on-line terminal is one that is on-line with another computer system and has been authenticated by an unexpired certificate.

The type of terminal is added as part of the identity information contained in the terminal-related certificate. Different security levels are established based upon these terminal types. During a transaction, the appropriate security level is ascertained by the smart card based upon the terminal type information contained in the terminal-related certificate. In addition, value limits can be set for associated security levels for any transaction that is conducted during a transactional session. The following table provides an example implementation of a five-level security protocol according to this invention.

| Security Level | Terminal Type | Value | Example Application |
|---|---|---|---|
| 0 | Not Authenticated | 0 | Dispatch Name, Address of Firm |
| 1 | Off-Line; Authenticated via Unexpired Certificate | ≤$5 | Soda Pop Machine |
| 2 | On-Line; Authenticated via Unexpired Certificate | ≤$50 | Purchasing Tickets for Sporting Event |
| 3 | Off-Line; Authenticated via Unexpired Certificate and User PIN | No Limit | Long Distance Telephone Call |
| 4 | On-Line; Authenticated via Unexpired Certificate and User PIN | No Limit | ATM Transaction |

FIG. 9 shows a flow diagram of a method for conducting a smart card transaction using the security levels from the above table. At step 150, the five security levels are established based upon the different categories of terminals. At step 152, the smart card determines the type of terminal (from the terminal-related certificate) and ascertains the appropriate security level. Depending upon the security level, the authentication system limits the value of a transaction in those instances where low security terminals are involved.

At decisional step 154, it is determined whether the terminal is unsecured, thereby having a security level 0. If it is (i.e., the "yes" branch), there is no way to authenticate the terminal (step 156) and thus no way to trust the terminal. As a result, the smart card will only output public information, such as the cardholder name, address, and social security number (step 158).

If the terminal is not at security level 0 (i.e., the "no" branch from step 154), the terminal is checked for the next security level 1 at step 160. If the terminal is an off-line terminal which has an unexpired certificate but does not require a PIN entry, the smart card designates this terminal as having a security level 1 which requires authentication of the terminal and application (step 162). Since there is less security in an off-line terminal, the value limit for any transaction at a level 1 terminal is less than or equal to five dollars (step 164).

At step 166, the smart card ascertains whether the terminal has a security level 2, meaning that the terminal is an on-line terminal which has an unexpired certificate but does not require a PIN entry. If the terminal meets this profile, the smart card authenticates the terminal and selected target application (step 168) and all transactions are limited to a slightly higher amount, say $50 (step 170).

At step 172, the smart card examines whether the terminal satisfies the profile for a security level 3, which is an off-line terminal having an unexpired certificate and requiring a PIN entry. If it satisfies the profile, the full three-level authentication scheme described above in detail is undertaken to authenticate the terminal, smart card, application, and cardholder (step 174). In this example, the value of this transaction is not limited to a specific dollar amount (step 176).

Finally, at step 178, the smart card determines whether the terminal is at the highest security level 4, meaning that the terminal is an on-line terminal which has an unexpired certificate and requires PIN entry. If the terminal is a level 4, the full authentication process is used (step 180) and the transactional value is not limited (step 182).
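The FIG. 9 decision flow and the value limits from the table can be written as a card-side policy check. This is an added example, not code from the patent: the `TerminalCert` field names, the date format and the function names are hypothetical, and the certificate is assumed to have been deciphered with the certifying authority's public key already.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class TerminalCert:
    """Fields read from an already deciphered terminal certificate (hypothetical layout)."""
    terminal_type: str     # "off-line" or "on-line"
    expires: str           # ISO date, e.g. "1999-12-31"
    requires_pin: bool

# Value limit per security level, in cents; None means no limit (values from the table).
LIMIT_CENTS = {0: 0, 1: 500, 2: 5000, 3: None, 4: None}

def security_level(cert: Optional[TerminalCert], today: str) -> int:
    """Steps 154-178: map terminal type, certificate expiry and PIN use to levels 0-4."""
    if cert is None or cert.expires < today:
        return 0                                  # unauthenticated or expired certificate
    if cert.terminal_type not in ("off-line", "on-line"):
        return 0                                  # unknown type is treated as unsecured
    online = cert.terminal_type == "on-line"
    if cert.requires_pin:
        return 4 if online else 3
    return 2 if online else 1

def authorize(cert, today, amount_cents, app_authenticated=False, pin_verified=False):
    """Return (level, allowed, reason) for one requested transaction."""
    level = security_level(cert, today)
    if level == 0:
        return (0, False, "terminal not authenticated: public information only")
    if not app_authenticated:                     # levels 1-4 authenticate the application
        return (level, False, "application certificate not verified")
    if level >= 3 and not pin_verified:           # levels 3-4 also authenticate the cardholder
        return (level, False, "cardholder PIN not verified")
    limit = LIMIT_CENTS[level]
    if limit is not None and amount_cents > limit:
        return (level, False, f"amount exceeds level {level} limit")
    return (level, True, "ok")

if __name__ == "__main__":
    today = "1998-02-24"                          # constructed sample date
    soda = TerminalCert("off-line", "1999-12-31", requires_pin=False)
    atm = TerminalCert("on-line", "1999-12-31", requires_pin=True)
    print(authorize(soda, today, 75, app_authenticated=True))
    print(authorize(soda, today, 600, app_authenticated=True))
    print(authorize(atm, today, 250_000, app_authenticated=True))
    print(authorize(atm, today, 250_000, app_authenticated=True, pin_verified=True))
```
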

The multi-level security protocol promotes varying degrees of security depending upon the type of terminal and transaction to be undertaken. As a result, the smart card has tremendous flexibility and can be used for many different applications. For example, the same smart card can be used to transfer thousands of dollars between bank accounts or to buy a fifty cent soda pop drink. By limiting the dollar amount of transactions in less secure terminals, the smart card protects the cardholder's assets from any attempt to gain fraudulent access to them.

Another aspect of this invention concerns a smart card that is constructed to operate within the authentication system described above. With reference again to FIGS. 1 and 2, smart card 10 of this invention has memory (in the form of RAM 22, ROM 24, EEPROM 26, and possibly some limited memory within CPU 20) which can be used to store its card-related certificate, multiple applications, and corresponding application-related certificates for each application. As noted above, these applications may be in many diverse environments, including health care, financial/banking, frequent flyer, etc. One application might also be in the form of a file system capable of maintaining data in multiple different files. Such an application enables newly issued smart cards to be backwards compatible to emulate earlier versions of a smart card. The file systems are preferably constructed in compliance with the standards set forth in ISO 7816.

Smart card 10 also has a processor 20 which is programmed to: (1) output the card-related certificate to a terminal and to receive a terminal-related certificate from the terminal; (2) authenticate the terminal based upon the received terminal-related certificate; (3) select an application from among the multiple applications stored in the memory; (4) output an application-related certificate for the selected target application and receive an application-related certificate of a corresponding application resident at the terminal that is compatible with the selected application; and (5) authenticate the application resident at the terminal based upon the received application-related certificate therefrom. The processor has appropriate encryption/decryption software to enable it to send and receive encrypted messages.

In addition, the smart card is constructed to authenticate the cardholder via his or her associated PIN. The smart card has the correct PIN stored in its memory. When the entered PIN is received from the terminal, the smart card compares the entered PIN with the stored PIN to verify the authenticity of the cardholder.

The invention is not limited to the specific embodiments described in this specification, but shall be construed to cover equivalent embodiments.

US7137004Nov 16, 2001Nov 14, 2006Microsoft CorporationManifest-based trusted agent management in a trusted operating system environment
US7139915Oct 19, 2005Nov 21, 2006Microsoft CorporationMethod and apparatus for authenticating an open system application to a portable IC device
US7140549Feb 24, 2004Nov 28, 2006Sun Microsystems, Inc.Method and apparatus for selecting a desired application on a smart card
US7145991Jan 9, 2004Dec 5, 2006Sun Microsystem, Inc.Superposition of data over voice
US7147150 *Nov 25, 2003Dec 12, 2006Fujitsu LimitedPersonal identification terminal and method having selectable identification means or identification levels
US7159240Nov 16, 2001Jan 2, 2007Microsoft CorporationOperating system upgrades in a trusted operating system environment
US7159241 *Sep 21, 2000Jan 2, 2007Hitachi, Ltd.Method for the determination of soundness of a sheet-shaped medium, and method for the verification of data of a sheet-shaped medium
US7162456Jun 5, 2002Jan 9, 2007Sun Microsystems, Inc.Method for private personal identification number management
US7165246Jan 16, 2003Jan 16, 2007Sun Microsystems, Inc.Optimized representation of data type information in program verification
US7165718 *Dec 30, 2002Jan 23, 2007Pathway Enterprises, Inc.Identification of an individual using a multiple purpose card
US7165727Feb 24, 2004Jan 23, 2007Sun Microsystems, Inc.Method and apparatus for installing an application onto a smart card
US7167843Jun 5, 2002Jan 23, 2007Sun Microsystems, Inc.Apparatus for private personal identification number management
US7174457Mar 10, 1999Feb 6, 2007Microsoft CorporationSystem and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party
US7185110Apr 16, 2002Feb 27, 2007Sun Microsystems, Inc.Data exchange system comprising portable data processing units
US7185193 *Aug 30, 2001Feb 27, 2007Sony CorporationPerson authentication system, person authentication method, and program providing medium
US7191288Feb 24, 2004Mar 13, 2007Sun Microsystems, Inc.Method and apparatus for providing an application on a smart card
US7194092Jan 8, 1999Mar 20, 2007Microsoft CorporationKey-based secure storage
US7197596Feb 2, 2006Mar 27, 2007Sun Microsystems, Inc.Computer arrangement using non-refreshed DRAM
US7222331Jan 16, 2003May 22, 2007Sun Microsystems, Inc.Linking of virtual methods
US7225337 *May 23, 2003May 29, 2007Swisscom Mobile AgCryptographic security method and electronic devices suitable therefor
US7237123Nov 20, 2001Jun 26, 2007Ecd Systems, Inc.Systems and methods for preventing unauthorized use of digital content
US7243230Nov 16, 2001Jul 10, 2007Microsoft CorporationTransferring application secrets in a trusted operating system environment
US7243238 *Aug 30, 2001Jul 10, 2007Sony CorporationPerson authentication system, person authentication method, information processing apparatus, and program providing medium
US7254561May 14, 1998Aug 7, 2007Comex Electronics AbMethod and device for performing electronic transactions
US7254706 *Jun 29, 2001Aug 7, 2007Hewlett-Packard Development Company, L.P.System and method for downloading of files to a secure terminal
US7257707Aug 18, 2005Aug 14, 2007Microsoft CorporationManifest-based trusted agent management in a trusted operating system environment
US7257708Aug 25, 2005Aug 14, 2007Microsoft CorporationSteganographic authentication
US7272830Jan 16, 2003Sep 18, 2007Sun Microsystems, Inc.Ordering program data for loading on a device
US7273169Oct 19, 2004Sep 25, 2007Sun Microsystems, Inc.Secure photo carrying identification device, as well as means and method for authenticating such an identification device
US7275160 *Aug 17, 2001Sep 25, 2007Hewlett-Packard Development Company, L.P.Trusted system
US7275260Oct 29, 2001Sep 25, 2007Sun Microsystems, Inc.Enhanced privacy protection in identification in a data communications network
US7278025Sep 10, 2003Oct 2, 2007Ivi Smart Technologies, Inc.Secure biometric verification of identity
US7278580Aug 2, 2005Oct 9, 2007Digimarc CorporationIdentification document with integrated circuit and antenna in a layered document structure
US7280984May 14, 2003Oct 9, 2007Phelan Iii FrankMoney card system, method and apparatus
US7281244Jan 16, 2003Oct 9, 2007Sun Microsystems, Inc.Using a digital fingerprint to commit loaded data in a device
US7283630Jan 21, 2000Oct 16, 2007Assure Systems, Inc.Verification of authenticity of goods by use of random numbers
US7287272Jul 25, 2000Oct 23, 2007Giesecke & Devrient GmbhMethod, data carrier and system for authentication of a user and a terminal
US7290288Aug 29, 2002Oct 30, 2007Prism Technologies, L.L.C.Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network
US7293717Jun 7, 2005Nov 13, 2007Centre For Wireless Communications Of National University Of SingaporeMethod for recovering information stored in a smart card
US7302709Sep 7, 2005Nov 27, 2007Microsoft CorporationKey-based secure storage
US7305104Nov 17, 2004Dec 4, 2007Digimarc CorporationAuthentication of identification documents using digital watermarks
US7305117Jul 11, 2006Dec 4, 2007Digimarc CorporationMethods and tangible objects employing machine readable data
US7305553Aug 18, 2005Dec 4, 2007Microsoft CorporationManifest-based trusted agent management in a trusted operating system environment
US7309004 *Dec 26, 2003Dec 18, 2007Diebold Self-Service Systems, Division Of Diebold, IncorporatedCash dispensing automated banking machine firmware authentication system and method
US7314164 *Jul 1, 2004Jan 1, 2008American Express Travel Related Services Company, Inc.System for biometric security using a smartcard
US7314165Jul 1, 2004Jan 1, 2008American Express Travel Related Services Company, Inc.Method and system for smellprint recognition biometrics on a smartcard
US7318550Jul 1, 2004Jan 15, 2008American Express Travel Related Services Company, Inc.Biometric safeguard method for use with a smartcard
US7325724 *Jul 1, 2004Feb 5, 2008American Express Travel Related Services Company, Inc.Method for registering a biometric for use with a smartcard
US7328453May 9, 2002Feb 5, 2008Ecd Systems, Inc.Systems and methods for the prevention of unauthorized use and manipulation of digital content
US7341181 *Jul 1, 2004Mar 11, 2008American Express Travel Related Services Company, Inc.Method for biometric security using a smartcard
US7343351Aug 31, 2000Mar 11, 2008American Express Travel Related Services Company, Inc.Methods and apparatus for conducting electronic transactions
US7356682May 7, 2003Apr 8, 2008Microsoft CorporationAttesting to a value of a register and/or memory region
US7360039Jun 21, 2004Apr 15, 2008Belle Gate Investment B.V.Arrangements storing different versions of a set of data in separate memory areas and method for updating a set of data in a memory
US7360091 *Jun 25, 2003Apr 15, 2008Hitachi, Ltd.Secure data transfer method of using a smart card
US7362870Apr 17, 2002Apr 22, 2008Sony CorporationMethod and apparatus for recording/playing back information
US7363504Jul 1, 2004Apr 22, 2008American Express Travel Related Services Company, Inc.Method and system for keystroke scan recognition biometrics on a smartcard
US7366703 *Jan 4, 2001Apr 29, 2008American Express Travel Related Services Company, Inc.Smartcard internet authorization system
US7374099Feb 24, 2004May 20, 2008Sun Microsystems, Inc.Method and apparatus for processing an application identifier from a smart card
US7395535Nov 22, 2004Jul 1, 2008Sun Microsystems, Inc.Techniques for permitting access across a context barrier in a small footprint device using global data structures
US7411546Jul 11, 2007Aug 12, 2008Telecommunication Systems, Inc.Other cell sites used as reference point to cull satellite ephemeris information for quick, accurate assisted locating satellite location determination
US7415620Dec 22, 2006Aug 19, 2008Microsoft CorporationSystem and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party
US7424293Dec 2, 2003Sep 9, 2008Telecommunication Systems, Inc.User plane location based service using message tunneling to support roaming
US7424606May 7, 2003Sep 9, 2008Microsoft CorporationSystem and method for authenticating an operating system
US7424612Nov 8, 2006Sep 9, 2008Microsoft CorporationSaving and retrieving data based on symmetric key encryption
US7434263May 7, 2003Oct 7, 2008Microsoft CorporationSystem and method for secure storage data using a key
US7438234Sep 25, 2007Oct 21, 2008American Express Travel Related Services Company, Inc.System for biometric security using a smartcard
US7441697Jun 7, 2007Oct 28, 2008American Express Travel Related Services Company, Inc.Limited use pin system and method
US7443984Apr 2, 2001Oct 28, 2008Sony CorporationInformation processing system and method for distributing encrypted message data
US7445149Sep 25, 2007Nov 4, 2008American Express Travel Related Services Company, Inc.System for biometric security using a smartcard
US7448538Jul 13, 2007Nov 11, 2008American Express Travel Related Services Company, Inc.Limited use pin system and method
US7451924Sep 21, 2007Nov 18, 2008American Express Travel Related Services Company, Inc.System for biometric security using a smartcard
US7451925Sep 21, 2007Nov 18, 2008American Express Travel Related Services Company, Inc.System for biometric security using a smartcard
US7457412Dec 22, 2006Nov 25, 2008Microsoft CorporationSystem and method for authenticating an operating system to a central processing unit, providing the CPU/OS with secure storage, and authenticating the CPU/OS to a third party
US7471236Apr 10, 2006Dec 30, 2008Telecommunication Systems, Inc.Cellular augmented radar/laser detector
US7472092Oct 4, 2007Dec 30, 2008Patricia PhelanMoney order device with identity verification and method
US7472276Jul 1, 2002Dec 30, 2008Certicom Corp.Data card verification system
US7472827Oct 7, 2004Jan 6, 2009American Express Travel Related Services Company, Inc.Limited use PIN system and method
US7475250 *Dec 19, 2001Jan 6, 2009Northrop Grumman CorporationAssignment of user certificates/private keys in token enabled public key infrastructure system
US7478389Nov 22, 2004Jan 13, 2009Sun Microsystems, Inc.Techniques for implementing security on a small footprint device using a context barrier
US7484095Jan 16, 2003Jan 27, 2009Sun Microsystems, Inc.System for communicating program data between a first device and a second device
US7487365Apr 4, 2003Feb 3, 2009Microsoft CorporationSaving and retrieving data based on symmetric key encryption
US7489273Jul 12, 2007Feb 10, 2009Telecommunication Systems, Inc.Culled satellite ephemeris information for quick, accurate assisted locating satellite location determination for cell site antennas
US7497375Sep 26, 2007Mar 3, 2009American Express Travel Related Services Company, Inc.Smartcard transaction method and system using smellprint recognition
US7505941May 11, 2005Mar 17, 2009American Express Travel Related Services Company, Inc.Methods and apparatus for conducting electronic transactions using biometrics
US7506806Sep 26, 2007Mar 24, 2009American Express Travel Related Services Company, Inc.Smartcard transaction method and system using fingerprint recognition
US7508955Oct 26, 2007Mar 24, 2009Digimarc CorporationAuthentication of objects using steganography
US7509683 *Aug 26, 2002Mar 24, 2009Hewlett-Packard Development Company, L.P.System and method for authenticating digital content
US7510115Sep 26, 2007Mar 31, 2009American Express Travel Related Services Company, Inc.Smartcard transaction method and system using auditory scan recognition
US7512786Apr 6, 2004Mar 31, 2009Microsoft CorporationClient-side boot domains and boot rules
US7512802Feb 27, 2004Mar 31, 2009Panasonic CorporationApplication authentication system, secure device, and terminal device
US7519985Jul 30, 2002Apr 14, 2009Sony CorporationRadio communication system, radio communication control apparatus, radio communication control method, recording medium, and computer program
US7523860Sep 26, 2007Apr 28, 2009American Express Travel Related Services Company, Inc.Smartcard transaction method and system using facial scan recognition
US7526449Apr 17, 2001Apr 28, 2009Jpmorgan Chase Bank N.A.Optically encoded card and system and method for using
US7526555Mar 25, 2003Apr 28, 2009Toshiba CorporationSmart card printing
US7526625 *Jan 30, 2004Apr 28, 2009Panasonic CorporationSemiconductor memory card, and program for controlling the same
US7529919May 7, 2003May 5, 2009Microsoft CorporationBoot blocks for software
US7530493Sep 26, 2007May 12, 2009American Express Travel Related Services Company, Inc.Smartcard transaction method and system using iris scan recognition
US7533827Sep 26, 2007May 19, 2009American Express Travel Related Services Company, Inc.Smartcard transaction method and system using signature recognition
US7543335Feb 25, 2005Jun 2, 2009Microsoft CorporationMethod and system for allowing code to be securely initialized in a computer
US7543336May 7, 2003Jun 2, 2009Microsoft CorporationSystem and method for secure storage of data using public and private keys
US7546946Jun 28, 2005Jun 16, 2009Kanzaki Specialty Papers, Inc.Multifunction, direct thermal recording material
US7549057Feb 4, 2005Jun 16, 2009Lasercard CorporationSecure transactions with passive storage media
US7555361 *Dec 21, 2001Jun 30, 2009Sony CorporationApparatus, system and method for electronic ticket management and electronic ticket distribution authentication
US7561691Nov 12, 2001Jul 14, 2009Palm, Inc.System and method for providing secured access to mobile devices
US7565697Sep 21, 2001Jul 21, 2009Ecd Systems, Inc.Systems and methods for preventing unauthorized use of digital content
US7571461 *Sep 29, 2004Aug 4, 2009International Business Machines CorporationPersonal website for electronic commerce on a smart Java card with multiple security check points
US7577839Feb 28, 2005Aug 18, 2009Microsoft CorporationTransferring application secrets in a trusted operating system environment
US7577840Feb 28, 2005Aug 18, 2009Microsoft CorporationTransferring application secrets in a trusted operating system environment
US7587369Jul 27, 2007Sep 8, 2009Intertrust Technologies CorporationTrusted and secure techniques, systems and methods for item delivery and execution
US7587589Nov 8, 2006Sep 8, 2009Microsoft CorporationSaving and retrieving data based on symmetric key encryption
US7593875Mar 10, 2003Sep 22, 2009Jp Morgan Chase BankFinancial system for isolated economic environment
US7594612Sep 27, 2007Sep 29, 2009American Express Travel Related Services Company, Inc.Smartcard transaction method and system using retinal scan recognition
US7596531Jun 5, 2002Sep 29, 2009Sun Microsystems, Inc.Method and apparatus for protecting against side channel attacks against personal identification numbers
US7597265Sep 27, 2007Oct 6, 2009American Express Travel Related Services Company, Inc.Method and system for vascular scan recognition with a smartcard
US7606632 *Jun 16, 2004Oct 20, 2009Cryovac, Inc.Apparatus for dispensing activated monitoring devices
US7607175Sep 9, 2003Oct 20, 2009Sun Microsystems, Inc.Techniques for permitting access across a context barrier on a small footprint device using an entry point object
US7607576Feb 23, 2005Oct 27, 2009Gilbarco, Inc.Local zone security architecture for retail environments
US7624441 *Jan 17, 2002Nov 24, 2009Elad BarkanCA in a card
US7627531Mar 7, 2001Dec 1, 2009American Express Travel Related Services Company, Inc.System for facilitating a transaction
US7629926Jul 12, 2007Dec 8, 2009Telecommunication Systems, Inc.Culled satellite ephemeris information for quick, accurate assisted locating satellite location determination for cell site antennas
US7634661Aug 18, 2005Dec 15, 2009Microsoft CorporationManifest-based trusted agent management in a trusted operating system environment
US7635084Dec 4, 2006Dec 22, 2009Esignx CorporationElectronic transaction systems and methods therefor
US7653939 *Jul 23, 2001Jan 26, 2010Sony CorporationData processing system, data processing method, data processing apparatus, license system, and program providing medium
US7694330Jan 2, 2004Apr 6, 2010Industrial Technology Research InstitutePersonal authentication device and system and method thereof
US7711152Apr 30, 1999May 4, 2010Davida George ISystem and method for authenticated and privacy preserving biometric identification systems
US7721341Jun 15, 2005May 18, 2010Microsoft CorporationMethod and system for allowing code to be securely initialized in a computer
US7734924Jan 26, 2006Jun 8, 2010Identrust, Inc.System and method for transparently providing certificate validation and other services within an electronic transaction
US7735132Aug 4, 2005Jun 8, 2010Research In Motion LimitedSystem and method for encrypted smart card PIN entry
US7740168Jun 18, 2007Jun 22, 2010Visa U.S.A. Inc.Method and system for generating a dynamic verification value
US7742995Mar 23, 2007Jun 22, 2010Mastercard International, Inc.Pre-authenticated identification token
US7752456Nov 8, 2006Jul 6, 2010Microsoft CorporationSaving and retrieving data based on symmetric key encryption
US7764219Oct 21, 2008Jul 27, 2010Telecommunication Systems, Inc.Cellular augmented radar/laser detector
US7765161May 4, 2004Jul 27, 2010Identrust, Inc.System and method for providing payment services in electronic commerce
US7765397Nov 8, 2006Jul 27, 2010Microsoft CorporationGenerating, migrating or exporting bound keys
US7779267 *Sep 4, 2001Aug 17, 2010Hewlett-Packard Development Company, L.P.Method and apparatus for using a secret in a distributed computing system
US7782254Aug 9, 2006Aug 24, 2010Telecommunication Systems, Inc.Culled satellite ephemeris information based on limiting a span of an inverted cone for locating satellite in-range determinations
US7801829Dec 12, 2007Sep 21, 2010American Express Travel Related Services Company, Inc.Smartcard internet authorization system
US7810165 *Jun 18, 2007Oct 5, 2010Visa U.S.A. Inc.Portable consumer device configured to generate dynamic authentication data
US7813727 *Apr 6, 2006Oct 12, 2010Swisscom AgPortable radio receiver with an identification module
US7818264Jun 12, 2007Oct 19, 2010Visa U.S.A. Inc.Track data encryption
US7819322Jun 18, 2007Oct 26, 2010Visa U.S.A. Inc.Portable consumer device verification system
US7822209Jun 6, 2006Oct 26, 2010Red Hat, Inc.Methods and systems for key recovery for a token
US7822987Nov 26, 2008Oct 26, 2010Certicom Corp.Data card verification system
US7823792Apr 29, 2004Nov 2, 2010L-1 Secure Credentialing, Inc.Contact smart cards having a document core, contactless smart cards including multi-layered structure, PET-based identification document, and methods of making same
US7825780Dec 7, 2005Nov 2, 2010Telecommunication Systems, Inc.Cellular augmented vehicle alarm notification together with location services for position of an alarming vehicle
US7828218Jul 20, 2000Nov 9, 2010Oracle America, Inc.Method and system of communicating devices, and devices therefor, with protected data transfer
US7836493Apr 24, 2003Nov 16, 2010Attachmate CorporationProxy server security token authorization
US7861091 *Oct 18, 2002Dec 28, 2010O2Micro International LimitedSmart card enabled secure computing environment system
US7886355Jun 30, 2006Feb 8, 2011Motorola Mobility, Inc.Subsidy lock enabled handset device with asymmetric verification unlocking control and method thereof
US7890102Sep 5, 2008Feb 15, 2011TeleCommunicationUser plane location based service using message tunneling to support roaming
US7890771Apr 4, 2003Feb 15, 2011Microsoft CorporationSaving and retrieving data based on public key encryption
US7895405Mar 13, 2009Feb 22, 2011Panasonic CorporationSemiconductor memory card, and program for controlling the same
US7899450Apr 18, 2006Mar 1, 2011Telecommunication Systems, Inc.Cellular augmented radar/laser detection using local mobile network within cellular network
US7922080Apr 9, 2010Apr 12, 2011Diebold Self-Service Systems Division Of Diebold, IncorporatedAutomated banking machine that operates responsive to data bearing records
US7961915Apr 9, 2010Jun 14, 2011Davida George ISystem and method for authenticated and privacy preserving biometric identification systems
US7962744Apr 18, 2002Jun 14, 2011Ntt Docomo, Inc.Terminal communication system
US7965222May 26, 2010Jun 21, 2011Telecommunication Systems, Inc.Cellular augmented radar/laser detector
US7967193Apr 27, 2010Jun 28, 2011Diebold Self-Service Systems Division Of Diebold, IncorporatedAutomated banking machine that operates responsive to data bearing records
US7971783Apr 9, 2010Jul 5, 2011Diebold Self-Service Systems Division Of Diebold, IncorporatedAutomated banking machine that operates responsive to data bearing records
US7979351Oct 15, 2004Jul 12, 2011American Express Travel Related Services Company, Inc.Prepaid transaction card activation system and method
US7988039Dec 17, 2007Aug 2, 2011Diebold Self-Service Systems Division Of Diebold, IncorporatedCard activated cash dispensing automated banking machine firmware authentication system
US7992203May 24, 2006Aug 2, 2011Red Hat, Inc.Methods and systems for secure shared smartcard access
US7996324 *Sep 30, 2004Aug 9, 2011American Express Travel Related Services Company, Inc.Systems and methods for managing multiple accounts on a RF transaction device using secondary identification indicia
US8016189Dec 21, 2009Sep 13, 2011Otomaku Properties Ltd., L.L.C.Electronic transaction systems and methods therefor
US8027697Sep 28, 2007Sep 27, 2011Telecommunication Systems, Inc.Public safety access point (PSAP) selection for E911 wireless callers in a GSM type system
US8049594May 25, 2005Nov 1, 2011Xatra Fund Mx, LlcEnhanced RFID instrument security
US8051470 *Jul 11, 2003Nov 1, 2011International Business Machines CorporationConsolidation of user directories
US8052047Apr 9, 2010Nov 8, 2011Diebold Self-Service Systems Division Of Diebold, IncorporatedAutomated banking machine that operates responsive to data bearing records
US8052048Jun 8, 2010Nov 8, 2011Diebold Self-Service Systems Division Of Diebold, IncorporatedAutomated banking machine that operates responsive to data bearing records
US8052049Jun 8, 2010Nov 8, 2011Diebold Self-Service Systems Division Of Diebold, IncorporatedAutomated banking machine that operates responsive to data bearing records
US8074265Aug 31, 2006Dec 6, 2011Red Hat, Inc.Methods and systems for verifying a location factor associated with a token
US8089401Oct 29, 2009Jan 3, 2012Telecommunication Systems, Inc.Culled satellite ephemeris information for quick, accurate assisted locating satellite location determination for cell site antennas
US8098829Jun 6, 2006Jan 17, 2012Red Hat, Inc.Methods and systems for secure key delivery
US8099765Jun 7, 2006Jan 17, 2012Red Hat, Inc.Methods and systems for remote password reset using an authentication credential managed by a third party
US8100323May 31, 2006Jan 24, 2012Diebold Self-Service Systems Division Of Diebold, IncorporatedApparatus and method for verifying components of an ATM
US8112364Mar 22, 2010Feb 7, 2012Mastercard International, Inc.Pre-authenticated identification token
US8117125Jun 9, 2000Feb 14, 2012Citicorp Developement Center, Inc.Method and system for controlling certificate based open payment transactions
US8117667Jan 10, 2008Feb 14, 2012Sca Ipla Holdings Inc.Systems and methods for the prevention of unauthorized use and manipulation of digital content
US8121941Dec 14, 2006Feb 21, 2012American Express Travel Related Services Company, Inc.System and method for automatic reconciliation of transaction account spend
US8121955Jan 16, 2003Feb 21, 2012Oracle America, Inc.Signing program data payload sequence in program loading
US8123123Jun 8, 2010Feb 28, 2012Diebold Self-Service Systems, Division Of Diebold, IncorporatedAutomated banking machine that operates responsive to data bearing records
US8126458Feb 11, 2011Feb 28, 2012Telecommunication Systems, Inc.User plane location based service using message tunneling to support roaming
US8126889Oct 7, 2002Feb 28, 2012Telecommunication Systems, Inc.Location fidelity adjustment based on mobile subscriber privacy profile
US8127345Oct 30, 2007Feb 28, 2012Prism Technologies LlcMethod and system for managing access to protected computer resources provided via an internet protocol network
US8132236Mar 19, 2007Mar 6, 2012Hewlett-Packard Development Company, L.P.System and method for providing secured access to mobile devices
US8166529 *Jun 27, 2003Apr 24, 2012Nokia CorporationMethod and device for authenticating a user in a variety of contexts
US8176335Jun 26, 2008May 8, 2012Sandisk Technologies Inc.Removable computer with mass storage
US8180741Jun 6, 2006May 15, 2012Red Hat, Inc.Methods and systems for providing data objects on a token
US8185087Sep 17, 2008May 22, 2012Telecommunication Systems, Inc.Emergency 911 data messaging
US8214299Aug 18, 2010Jul 3, 2012American Express Travel Related Services Company, Inc.Methods and apparatus for conducting electronic transactions
US8214884Jun 25, 2004Jul 3, 2012Attachmate CorporationComputer-based dynamic secure non-cached delivery of security credentials such as digitally signed certificates or keys
US8219805 *Dec 11, 2007Jul 10, 2012Adobe Systems IncorporatedApplication identification
US8225089Feb 23, 2001Jul 17, 2012Otomaku Properties Ltd., L.L.C.Electronic transaction systems utilizing a PEAD and a private key
US8261336 *Jun 15, 2005Sep 4, 2012Emc CorporationSystem and method for making accessible a set of services to users
US8261359Jun 1, 2010Sep 4, 2012Sca Ipla Holdings Inc.Systems and methods for preventing unauthorized use of digital content
US8275712Jul 11, 2011Sep 25, 2012American Express Travel Related Services Company, Inc.Prepaid transaction card activation system and method
US8275713Mar 14, 2012Sep 25, 2012American Express Travel Related Services Company, Inc.Prepaid transaction card activation system and method
US8276814 *Jul 10, 2009Oct 2, 2012Davis Kim CSystem and method for carrying out secure transactions
US8286865Apr 14, 2009Oct 16, 2012Lockstep Technologies Pty LtdAuthenticating electronic financial transactions
US8296575 *Jun 21, 2002Oct 23, 2012Nokia CorporationMethod for protecting electronic device, and electronic device
US8301300 *Oct 12, 1999Oct 30, 2012Card Technology CorporationSystem and method for smart card personalization
US8307211Sep 28, 2010Nov 6, 2012Certicom Corp.Data card verification system
US8315599Jul 8, 2011Nov 20, 2012Telecommunication Systems, Inc.Location privacy selector
US8325994Jun 13, 2011Dec 4, 2012Davida George ISystem and method for authenticated and privacy preserving biometric identification systems
US8328104 *Mar 30, 2009Dec 11, 2012Condel International Technologies Inc.Storage device management systems and methods
US8332637Jun 6, 2006Dec 11, 2012Red Hat, Inc.Methods and systems for nonce generation in a token
US8332935 *Jun 7, 2010Dec 11, 2012Research In Motion LimitedSystem and method for encrypted smart card pin entry
US8336664Nov 29, 2010Dec 25, 2012Telecommunication Systems, Inc.Telematics basic mobile device safety interlock
US8340296 *Jan 20, 2004Dec 25, 2012Samsung Electronics Co., Ltd.Method and system for registering and verifying smart card certificate for users moving between public key infrastructure domains
US8341411 *Aug 16, 2006Dec 25, 2012Research In Motion LimitedEnabling use of a certificate stored in a smart card
US8355526Mar 23, 2005Jan 15, 2013Digimarc CorporationDigitally watermarking holograms
US8356342Aug 31, 2006Jan 15, 2013Red Hat, Inc.Method and system for issuing a kill sequence for a token
US8364952Jun 6, 2006Jan 29, 2013Red Hat, Inc.Methods and system for a key recovery plan
US8374127 * | Oct 26, 2009 | Feb 12, 2013 | Lg Electronics Inc. | Digital broadcasting system and method of processing data in digital broadcasting system
US8375214 * | May 27, 2005 | Feb 12, 2013 | Canon Kabushiki Kaisha | Information processing apparatus, information processing method, and program therefor
US8375441 | Sep 1, 2010 | Feb 12, 2013 | Visa U.S.A. Inc. | Portable consumer device configured to generate dynamic authentication data
US8387152 * | Jun 27, 2008 | Feb 26, 2013 | Microsoft Corporation | Attested content protection
US8387155 | Nov 11, 2010 | Feb 26, 2013 | Prism Technologies Llc | System for managing access to protected computer resources
US8392301 | Sep 22, 2009 | Mar 5, 2013 | Jpmorgan Chase Bank, N.A. | Financial system for isolated economic environment
US8396809 | May 14, 2002 | Mar 12, 2013 | Hewlett-Packard Development Company, L.P. | Method for reducing purchase time
US8412927 | Jun 7, 2006 | Apr 2, 2013 | Red Hat, Inc. | Profile framework for token processing system
US8423464 | Aug 16, 2012 | Apr 16, 2013 | American Express Travel Related Services Company, Inc. | Prepaid transaction card activation system and method
US8423475 | Jul 13, 2011 | Apr 16, 2013 | American Express Travel Related Services Company, Inc. | Systems and methods for managing multiple accounts on a RF transaction device using secondary identification indicia
US8423476 | Apr 13, 2011 | Apr 16, 2013 | American Express Travel Related Services Company, Inc. | Methods and apparatus for conducting electronic transactions
US8433658 | Apr 13, 2011 | Apr 30, 2013 | American Express Travel Related Services Company, Inc. | Methods and apparatus for conducting electronic transactions
US8443198 | Oct 29, 2007 | May 14, 2013 | Intertrust Technologies Corporation | Trusted and secure techniques for item delivery and execution
US8473417 | Jun 6, 2011 | Jun 25, 2013 | Oracle America, Inc. | Signing program data payload sequence in program loading
US8482378 * | Apr 24, 2007 | Jul 9, 2013 | Telcred Ab | Access control system and method for operating said system
US8489506 | Sep 15, 2010 | Jul 16, 2013 | Visa U.S.A. Inc. | Portable consumer device verification system
US8489513 | Apr 13, 2011 | Jul 16, 2013 | American Express Travel Related Services Company, Inc. | Methods and apparatus for conducting electronic transactions
US8495380 | Jun 6, 2006 | Jul 23, 2013 | Red Hat, Inc. | Methods and systems for server-side key generation
US8515414 | Jan 28, 2011 | Aug 20, 2013 | Telecommunication Systems, Inc. | Cellular augmented radar/laser detection using local mobile network within cellular network
US8525681 | Oct 13, 2009 | Sep 3, 2013 | Telecommunication Systems, Inc. | Location based proximity alert
US8528097 | Jul 20, 2007 | Sep 3, 2013 | Intertrust Technologies Corporation | Trusted and secure techniques for item delivery and execution
US8572386 * | Aug 4, 2004 | Oct 29, 2013 | Panasonic Corporation | Secure device, information processing terminal, integrated circuit, terminal application generation apparatus, application authentication method
US8588415 * | Nov 2, 2005 | Nov 19, 2013 | France Telecom | Method for securing a telecommunications terminal which is connected to a terminal user identification module
US8589695 | Jun 7, 2006 | Nov 19, 2013 | Red Hat, Inc. | Methods and systems for entropy collection for server-side key generation
US8589701 | Jan 27, 2011 | Nov 19, 2013 | Microsoft Corporation | Saving and retrieving data based on public key encryption
US8601286 | Jan 27, 2011 | Dec 3, 2013 | Microsoft Corporation | Saving and retrieving data based on public key encryption
US8608065 | Oct 5, 2012 | Dec 17, 2013 | Lockstep Technologies Pty Ltd | Authenticating electronic financial transactions
US8612357 | Jan 5, 2012 | Dec 17, 2013 | Mastercard International Incorporated | Pre-authenticated identification token
US8621243 | Jan 27, 2011 | Dec 31, 2013 | Microsoft Corporation | Saving and retrieving data based on public key encryption
US8626160 | Feb 23, 2012 | Jan 7, 2014 | Telecommunication Systems, Inc. | User plane location based service using message tunneling to support roaming
US8636205 | Feb 8, 2013 | Jan 28, 2014 | Visa U.S.A. Inc. | Method and system for generating a dynamic verification value
US8639940 * | Feb 28, 2007 | Jan 28, 2014 | Red Hat, Inc. | Methods and systems for assigning roles on a token
US8655309 | May 17, 2010 | Feb 18, 2014 | E2Interactive, Inc. | Systems and methods for electronic device point-of-sale activation
US8661247 | Dec 15, 2010 | Feb 25, 2014 | CompuGroup Medical AG | Computer implemented method for performing cloud computing on data being stored pseudonymously in a database
US8676672 | Aug 21, 2008 | Mar 18, 2014 | E2Interactive, Inc. | Systems and methods for electronic delivery of stored value
US8677146 | Nov 3, 2010 | Mar 18, 2014 | CompuGroup Medical AG | Computer implemented method for sending a message to a recipient user, receiving a message by a recipient user, a computer readable storage medium and a computer system
US8681044 | Dec 30, 2011 | Mar 25, 2014 | Telecommunication Systems, Inc. | Culled satellite ephemeris information for quick, accurate assisted locating satellite location determination for cell site antennas
US8683230 | Jan 27, 2011 | Mar 25, 2014 | Microsoft Corporation | Saving and retrieving data based on public key encryption
US8693690 | Dec 4, 2006 | Apr 8, 2014 | Red Hat, Inc. | Organizing an extensible table for storing cryptographic objects
US8695106 | Dec 15, 2010 | Apr 8, 2014 | CompuGroup Medical AG | Computer implemented method for analyzing data of a user with the data being stored pseudonymously in a database
US8698595 | Aug 7, 2012 | Apr 15, 2014 | QUALCOMM Incorporated4 | System and method for enhanced RFID instrument security
US8699705 | Nov 3, 2010 | Apr 15, 2014 | CompuGroup Medical AG | Computer implemented method for generating a set of identifiers from a private key, computer implemented method and computing device
US8706630 | Sep 5, 2003 | Apr 22, 2014 | E2Interactive, Inc. | System and method for securely authorizing and distributing stored-value card data
US8707024 | Aug 4, 2006 | Apr 22, 2014 | Red Hat, Inc. | Methods and systems for managing identity management security domains
US8723641 * | Jun 18, 2013 | May 13, 2014 | Telecred AB | Access control system and method for operating said system
US8725589 | Mar 5, 2010 | May 13, 2014 | Jpmorgan Chase Bank, N.A. | Methods for personalizing multi-layer transaction cards
US8745395 * | Jul 25, 2012 | Jun 3, 2014 | Blackberry Limited | Enabling use of a certificate stored in a smart card
US8751294 | May 9, 2012 | Jun 10, 2014 | E2Interactive, Inc. | Processing value-ascertainable items
US8762350 | Mar 13, 2012 | Jun 24, 2014 | Red Hat, Inc. | Methods and systems for providing data objects on a token
US8787566 | Aug 23, 2006 | Jul 22, 2014 | Red Hat, Inc. | Strong encryption
US8793487 | Jan 16, 2009 | Jul 29, 2014 | Identrust, Inc. | Binding a digital certificate to multiple trust domains
US8806219 | Aug 23, 2006 | Aug 12, 2014 | Red Hat, Inc. | Time-based function back-off
US8813243 | Feb 2, 2007 | Aug 19, 2014 | Red Hat, Inc. | Reducing a size of a security-related data object stored on a token
US8818903 | Nov 22, 2006 | Aug 26, 2014 | Charles Dulin | Transaction coordinator for digital certificate validation and other services
US8819792 | Apr 26, 2011 | Aug 26, 2014 | Blackberry Limited | Assignment and distribution of access credentials to mobile communication devices
US8832453 | Feb 28, 2007 | Sep 9, 2014 | Red Hat, Inc. | Token recycling
US8843417 | Nov 3, 2008 | Sep 23, 2014 | Visa U.S.A. Inc. | Track data encryption
US8844048 | Jan 12, 2012 | Sep 23, 2014 | Sca Ipla Holdings Inc. | Systems and methods for the prevention of unauthorized use and manipulation of digital content
US20030050899 * | Oct 12, 1999 | Mar 13, 2003 | David R. Tushie | System and method for smart card personalization
US20090183541 * | Apr 24, 2007 | Jul 23, 2009 | Babak Sadighi | Access Control System and Method for Operating Said System
US20100131414 * | Mar 14, 2008 | May 27, 2010 | Gavin Randall Tame | Personal identification device for secure transactions
US20100205460 * | Jul 20, 2007 | Aug 12, 2010 | Hui Lin | Encryption method for digital data memory card and assembly for performing the same
US20100215180 * | Jun 11, 2008 | Aug 26, 2010 | Nds Limited | Replacement of keys
US20100241867 * | Jun 7, 2010 | Sep 23, 2010 | Brown Michael K | System and method for encrypted smart card pin entry
US20110029779 * | Jul 13, 2010 | Feb 3, 2011 | Felica Networks, Inc. | Information processing apparatus, program, storage medium and information processing system
US20110099589 * | Oct 26, 2009 | Apr 28, 2011 | Lg Electronics Inc | Digital Broadcasting System and Method of Processing Data in Digital Broadcasting System
US20110178884 * | Jan 5, 2011 | Jul 21, 2011 | Mordechai Teicher | Trusted stored-value payment system that includes untrusted merchant terminals
US20110185178 * | Feb 16, 2009 | Jul 28, 2011 | Compugroup Holding Ag | Communication method of an electronic health insurance card with a reading device
US20110251955 * | Dec 9, 2009 | Oct 13, 2011 | Nxp B.V. | Enhanced smart card usage
US20120032781 * | Aug 4, 2011 | Feb 9, 2012 | Electronics And Telecommunications Research Institute | Remote personal authentication system and method using biometrics
US20120297195 * | Jul 25, 2012 | Nov 22, 2012 | Research In Motion Limited | Enabling use of a certificate stored in a smart card
US20120331302 * | Mar 7, 2011 | Dec 27, 2012 | GIESECKE & DEVRIENT GmbH a corporation | Method for authenticating a portable data carrier
US20130198037 * | Mar 14, 2013 | Aug 1, 2013 | Blue Spike, Inc. | Systems, methods and devices for trusted transactions
US20130262295 * | Dec 21, 2012 | Oct 3, 2013 | Shankar Narayanan | Digital emulation of cash-based transactions
US20130285793 * | Jun 18, 2013 | Oct 31, 2013 | Telcred Ab | Access control system and method for operating said system
US20140013109 * | Jul 9, 2012 | Jan 9, 2014 | Verizon Patent And Licensing Inc. | Secure delivery of trust credentials
USRE39269 | Jun 10, 2002 | Sep 5, 2006 | Sun Microsystems, Inc. | Data exchange system comprising portable data processing units
USRE40378 * | Jun 17, 2005 | Jun 10, 2008 | Gemplus | Smart card which operates with the USB protocol
CN1581118B | Aug 6, 2004 | May 12, 2010 | 松下电器产业株式会社 | Secure device, information processing terminal, integrated circuit, application apparatus and method
CN1913427B | Jul 31, 2006 | Sep 21, 2011 | 捷讯研究有限公司 | System and method for encrypted smart card PIN entry
CN100420183C | Apr 18, 2002 | Sep 17, 2008 | 株式会社Ntt都科摩 | Terminal communication system
DE102008000897A1 * | Mar 31, 2008 | Oct 1, 2009 | Compugroup Holding Ag | Communication method of an electronic health insurance card with a reading device
EP1014310A2 * | Dec 23, 1999 | Jun 28, 2000 | Pitney Bowes Inc. | Certificate meter with selectable indemnification provisions
EP1022685A2 * | Dec 23, 1999 | Jul 26, 2000 | Pitney Bowes Inc. | Selective security level certificate meter
EP1028398A2 * | Feb 8, 2000 | Aug 16, 2000 | Citicorp Development Center, Inc. | System, method and apparatus for value exchange utilizing value-storing applications
EP1162778A2 * | May 25, 2001 | Dec 12, 2001 | Trw Inc. | System and method for arranging digital certificates on a hardware token
EP1248238A2 * | Mar 13, 2002 | Oct 9, 2002 | Bundesdruckerei GmbH | Method and apparatus for the use of public authority services
EP1278333A1 * | Apr 18, 2002 | Jan 22, 2003 | NTT DoCoMo, Inc. | Terminal communication system
EP1414191A1 * | Jul 30, 2002 | Apr 28, 2004 | Sony Corporation | Radio communication system, radio communication control apparatus, radio communication control method, recording medium, and computer program
EP1457936A2 * | Feb 27, 2004 | Sep 15, 2004 | Matsushita Electric Industrial Co., Ltd. | Application authentication system, secure device, and terminal device
EP1495576A1 * | Mar 26, 2003 | Jan 12, 2005 | Nokia Corporation | System and method for key distribution and network connectivity
EP1505473A1 * | Jun 30, 2000 | Feb 9, 2005 | Microsoft Corporation | Methods and arrangements for mapping widely disparate portable tokens to a static machine concentric cryptographic environment
EP1537516A2 * | Aug 1, 2003 | Jun 8, 2005 | Cardtronic | Method and system for executing applications on a mobile device
EP1752937A1 * | Jul 29, 2005 | Feb 14, 2007 | Research In Motion Limited | System and method for encrypted smart card PIN entry
EP1855254A1 * | May 12, 2006 | Nov 14, 2007 | Servipack N.V. | Memory carrier, authorisation method, reader, network and access control system
EP1860620A2 * | Feb 27, 2004 | Nov 28, 2007 | Matsushita Electric Industrial Co., Ltd. | Terminal device, secure device and application authentication method
EP1890246A1 | Aug 16, 2006 | Feb 20, 2008 | Research In Motion Limited | Enabling use of a certificate stored in a smart card
EP2192511A1 * | Dec 1, 2008 | Jun 2, 2010 | Research In Motion Limited | Simplified biometric character sequence entry
EP2426652A1 * | Sep 6, 2010 | Mar 7, 2012 | Gemalto SA | Simplified method for customising a smart card and associated device
WO1998040982A1 * | Mar 10, 1998 | Sep 17, 1998 | Chen Ann Pin | Secure electronic commerce employing integrated circuit cards
WO1998052151A1 * | May 14, 1998 | Nov 19, 1998 | Access Security Sweden Ab | Electronic transaction
WO1999027654A2 * | Nov 10, 1998 | Jun 3, 1999 | Motorola Inc | Method and system for securely transferring a data set in a data communications system
WO1999033011A1 * | Dec 4, 1998 | Jul 1, 1999 | Motorola Inc | Portable 1-way wireless financial messaging unit
WO1999033191A1 * | Dec 4, 1998 | Jul 1, 1999 | Motorola Inc | Portable 2-way wireless financial messaging unit
WO1999049425A1 * | Feb 1, 1999 | Sep 30, 1999 | Siemens Nixdorf Banking Syst | Device and method for securely dispensing items with a monetary value
WO2000033196A1 * | Nov 26, 1999 | Jun 8, 2000 | Aristocrat Leisure Ind Pty Ltd | Electronic casino gaming with authentication and improved security
WO2000039758A1 * | Dec 6, 1999 | Jul 6, 2000 | Deutsche Telekom Ag | Method for the secure handling of money or units of value with pre-paid data carriers
WO2000052866A2 * | Feb 25, 2000 | Sep 8, 2000 | Esign Inc | Portable electronic charge and authorization devices and methods therefor
WO2000062214A1 * | Apr 6, 2000 | Oct 19, 2000 | Arie Berlin | Credit card security technique
WO2000075831A1 * | Jun 2, 2000 | Dec 14, 2000 | First Usa Bank Na | Credit instrument and system with automated payment of club, merchant and service provider fees
WO2001007990A1 * | Jun 30, 2000 | Feb 1, 2001 | Microsoft Corp | Methods and arrangements for mapping widely disparate portable tokens to a static machine concentric cryptographic environment
WO2001009849A1 * | Jul 25, 2000 | Feb 8, 2001 | Giesecke & Devrient Gmbh | Method, data carrier and system for authentication of a user and a terminal
WO2002015464A1 * | Aug 14, 2001 | Feb 21, 2002 | Peter H Gien | System and method for secure smartcard issuance
WO2002019280A2 | Aug 23, 2001 | Mar 7, 2002 | Nokia Corp | Method and token for authenticating a control point
WO2002075616A1 * | Mar 20, 2002 | Sep 26, 2002 | Dept Of Natural Resources And | Identification and authentication device
WO2003046847A1 * | Nov 28, 2002 | Jun 5, 2003 | Francois Brion | Method, system and device for authenticating data transmitted and/or received by a user
WO2005010684A2 | Jul 16, 2004 | Feb 3, 2005 | Digimarc Corp | Uniquely linking security elements in identification documents
WO2005086104A1 * | Feb 25, 2005 | Sep 15, 2005 | Gilbarco Inc | Local zone security architecture for retail environments
WO2007131952A1 * | May 11, 2007 | Nov 22, 2007 | Servipark N V | Memory carrier, authorisation method, reader, network and access control system
WO2009007653A1 * | Jul 3, 2008 | Jan 15, 2009 | France Telecom | Method for protecting applications installed on a secured module, and related terminal, security module and communication equipment
WO2009061743A1 * | Nov 4, 2008 | May 14, 2009 | Dresser Inc | System and method for authenticated payment terminal display prompt control
WO2009126994A1 * | Apr 14, 2009 | Oct 22, 2009 | Lockstep Technologies Pty Ltd | Authenticating electronic financial transactions
WO2010065374A1 * | Nov 23, 2009 | Jun 10, 2010 | Symbol Technologies, Inc. | System and method for a secure transaction
WO2011089533A2 * | Jan 5, 2011 | Jul 28, 2011 | Cardis International Intertrust N.V. | Trusted stored-value payment system that includes untrusted merchant terminals
WO2012031848A1 * | Aug 10, 2011 | Mar 15, 2012 | Gemalto Sa | Simplified method for personalizing a smart card, and associated device
WO2012095026A1 * | Jan 13, 2012 | Jul 19, 2012 | Hong Kong Applied Science And Technology Research Institute Co., Ltd. | Proximity based biometric identification systems and methods
Classifications
U.S. Classification: 705/67, 713/173, 713/169
International Classification: G07F7/10
Cooperative Classification: H04L2209/56, H04L9/3263, G06Q20/3674, G06Q20/341, G06Q20/4097, G06Q20/3576, G07F7/082, G07F7/1008
European Classification: G06Q20/4097, G06Q20/3576, G06Q20/3674, G07F7/08A2B, G06Q20/341, H04L9/32T, G07F7/10D
Legal Events
Date | Code | Event | Description
Jul 22, 2009 | FPAY | Fee payment | Year of fee payment: 12
Jul 27, 2005 | FPAY | Fee payment | Year of fee payment: 8
Jul 27, 2001 | FPAY | Fee payment | Year of fee payment: 4
Sep 13, 1995 | AS | Assignment | Owner name: MICROSOFT CORPORATION, WASHINGTON. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:DEO, VINAY;SEIDENSTICKER, ROBERT B.;SIMON, DANIEL R.;REEL/FRAME:007698/0544;SIGNING DATES FROM 19950809 TO 19950828